Unable to find manual contract audit (e.g. Certik, PeckShield, Solidity...)
mofang.addLiquidity(uint256,uint256) (#742-755) sends eth to arbitrary user
Dangerous calls:
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
Ensure that an arbitrary user cannot withdraw unauthorized funds.
Additional information: link
Reentrancy in mofang._transfer(address,address,uint256) (#651-689):
External calls:
- swapAndLiquify(contractTokenBalance) (#673)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#731-737)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#673)
- recipient.transfer(amount) (#615)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#676)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#684)
- finalAmount = takeFee(sender,recipient,amount) (#678-679)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#769)
Apply the check-effects-interactions pattern.
Additional information: link
Combination 1: Reentrancy vulnerabilities + Functions that send Ether to arbitraty destination. Usual for scams. May be justified by some complex mechanics (e.g. rebase, reflections). DYOR & manual audit are advised.
mofang.addLiquidity(uint256,uint256) (#742-755) ignores return value by uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
Ensure that all the return values of the function calls are used.
Additional information: link
mofang.allowance(address,address).owner (#506) shadows:
- Ownable.owner() (#158-160) (function)
mofang._approve(address,address,uint256).owner (#529) shadows:
- Ownable.owner() (#158-160) (function)
Rename the local variables that shadow another component.
Additional information: link
mofang.setBuyTaxes(uint256,uint256,uint256) (#549-555) should emit an event for:
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#554)
mofang.setSelTaxes(uint256,uint256,uint256) (#557-563) should emit an event for:
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#562)
mofang.setDistributionSettings(uint256,uint256,uint256) (#565-571) should emit an event for:
- _liquidityShare = newLiquidityShare (#566)
- _teamShare = newTeamShare (#568)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#570)
mofang.setMaxTxAmount(uint256) (#573-575) should emit an event for:
- _maxTxAmount = maxTxAmount (#574)
mofang.setWalletLimit(uint256) (#585-587) should emit an event for:
- _walletMax = newLimit (#586)
mofang.setNumTokensBeforeSwap(uint256) (#589-591) should emit an event for:
- minimumTokensBeforeSwap = newLimit (#590)
Emit an event for critical parameter changes.
Additional information: link
mofang.setMarketingWalletAddress(address).newAddress (#593) lacks a zero-check on :
- marketingWalletAddress = address(newAddress) (#594)
mofang.setTeamWalletAddress(address).newAddress (#597) lacks a zero-check on :
- teamWalletAddress = address(newAddress) (#598)
Check that the address is not zero.
Additional information: link
Reentrancy in mofang.changeRouterVersion(address) (#618-635):
External calls:
- newPairAddress = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#626-627)
State variables written after the call(s):
- isMarketPair[address(uniswapPair)] = true (#634)
- isWalletLimitExempt[address(uniswapPair)] = true (#633)
- uniswapPair = newPairAddress (#630)
- uniswapV2Router = _uniswapV2Router (#631)
Reentrancy in mofang.constructor() (#456-484):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#460-461)
State variables written after the call(s):
- _allowances[address(this)][address(uniswapV2Router)] = _totalSupply (#464)
- _balances[_msgSender()] = _totalSupply (#482)
- _totalDistributionShares = _liquidityShare.add(_marketingShare).add(_teamShare) (#471)
- _totalTaxIfBuying = _buyLiquidityFee.add(_buyMarketingFee).add(_buyTeamFee) (#469)
- _totalTaxIfSelling = _sellLiquidityFee.add(_sellMarketingFee).add(_sellTeamFee) (#470)
- isExcludedFromFee[owner()] = true (#466)
- isExcludedFromFee[address(this)] = true (#467)
- isMarketPair[address(uniswapPair)] = true (#480)
- isTxLimitExempt[owner()] = true (#477)
- isTxLimitExempt[address(this)] = true (#478)
- isWalletLimitExempt[owner()] = true (#473)
- isWalletLimitExempt[address(uniswapPair)] = true (#474)
- isWalletLimitExempt[address(this)] = true (#475)
- uniswapV2Router = _uniswapV2Router (#463)
Reentrancy in mofang.swapAndLiquify(uint256) (#698-720):
External calls:
- swapTokensForEth(tokensForSwap) (#703)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#731-737)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#713)
- recipient.transfer(amount) (#615)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#716)
- recipient.transfer(amount) (#615)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
- _allowances[owner][spender] = amount (#533)
Reentrancy in mofang.transferFrom(address,address,uint256) (#645-649):
External calls:
- _transfer(sender,recipient,amount) (#646)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#731-737)
External calls sending eth:
- _transfer(sender,recipient,amount) (#646)
- recipient.transfer(amount) (#615)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#647)
- _allowances[owner][spender] = amount (#533)
Apply the check-effects-interactions pattern.
Additional information: link
Reentrancy in mofang._transfer(address,address,uint256) (#651-689):
External calls:
- swapAndLiquify(contractTokenBalance) (#673)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#731-737)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#673)
- recipient.transfer(amount) (#615)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#770)
- finalAmount = takeFee(sender,recipient,amount) (#678-679)
- Transfer(sender,recipient,finalAmount) (#686)
Reentrancy in mofang.constructor() (#456-484):
External calls:
- uniswapPair = IUniswapV2Factory(_uniswapV2Router.factory()).createPair(address(this),_uniswapV2Router.WETH()) (#460-461)
Event emitted after the call(s):
- Transfer(address(0),_msgSender(),_totalSupply) (#483)
Reentrancy in mofang.swapAndLiquify(uint256) (#698-720):
External calls:
- swapTokensForEth(tokensForSwap) (#703)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#731-737)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#713)
- recipient.transfer(amount) (#615)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#716)
- recipient.transfer(amount) (#615)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#534)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
Reentrancy in mofang.swapTokensForEth(uint256) (#722-740):
External calls:
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#731-737)
Event emitted after the call(s):
- SwapTokensForETH(tokenAmount,path) (#739)
Reentrancy in mofang.transferFrom(address,address,uint256) (#645-649):
External calls:
- _transfer(sender,recipient,amount) (#646)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
- uniswapV2Router.swapExactTokensForETHSupportingFeeOnTransferTokens(tokenAmount,0,path,address(this),block.timestamp) (#731-737)
External calls sending eth:
- _transfer(sender,recipient,amount) (#646)
- recipient.transfer(amount) (#615)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#534)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#647)
Apply the check-effects-interactions pattern.
Additional information: link
Address.isContract(address) (#91-98) uses assembly
- INLINE ASM (#96)
Address._functionCallWithValue(address,bytes,uint256,string) (#125-142) uses assembly
- INLINE ASM (#134-137)
Do not use evm assembly.
Additional information: link
Address._functionCallWithValue(address,bytes,uint256,string) (#125-142) is never used and should be removed
Address.functionCall(address,bytes) (#108-110) is never used and should be removed
Address.functionCall(address,bytes,string) (#112-114) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256) (#116-118) is never used and should be removed
Address.functionCallWithValue(address,bytes,uint256,string) (#120-123) is never used and should be removed
Address.isContract(address) (#91-98) is never used and should be removed
Address.sendValue(address,uint256) (#100-106) is never used and should be removed
Context._msgData() (#18-21) is never used and should be removed
SafeMath.mod(uint256,uint256) (#79-81) is never used and should be removed
SafeMath.mod(uint256,uint256,string) (#83-86) is never used and should be removed
Remove unused functions.
Additional information: link
mofang._totalSupply (#420) is set pre-construction with a non-constant function or state variable:
- 100000000 * 10 ** _decimals
mofang._maxTxAmount (#421) is set pre-construction with a non-constant function or state variable:
- 100000000 * 10 ** _decimals
mofang._walletMax (#422) is set pre-construction with a non-constant function or state variable:
- 100000000 * 10 ** _decimals
mofang.minimumTokensBeforeSwap (#423) is set pre-construction with a non-constant function or state variable:
- 1000 * 10 ** _decimals
Remove any initialization of state variables via non-constant state variables or function calls. If variables must be set upon contract deployment, locate initialization in the constructor instead.
Additional information: link
Low level call in Address.sendValue(address,uint256) (#100-106):
- (success) = recipient.call{value: amount}() (#104)
Low level call in Address._functionCallWithValue(address,bytes,uint256,string) (#125-142):
- (success,returndata) = target.call{value: weiValue}(data) (#128)
Avoid low-level calls. Check the call success. If the call is meant for a contract, check for code existence
Additional information: link
Function IUniswapV2Pair.DOMAIN_SEPARATOR() (#215) is not in mixedCase
Function IUniswapV2Pair.PERMIT_TYPEHASH() (#216) is not in mixedCase
Function IUniswapV2Pair.MINIMUM_LIQUIDITY() (#232) is not in mixedCase
Function IUniswapV2Router01.WETH() (#251) is not in mixedCase
Contract mofang (#384-777) is not in CapWords
Parameter mofang.setSwapAndLiquifyEnabled(bool)._enabled (#601) is not in mixedCase
Variable mofang._balances (#396) is not in mixedCase
Variable mofang._buyLiquidityFee (#404) is not in mixedCase
Variable mofang._buyMarketingFee (#405) is not in mixedCase
Variable mofang._buyTeamFee (#406) is not in mixedCase
Variable mofang._sellLiquidityFee (#408) is not in mixedCase
Variable mofang._sellMarketingFee (#409) is not in mixedCase
Variable mofang._sellTeamFee (#410) is not in mixedCase
Variable mofang._liquidityShare (#412) is not in mixedCase
Variable mofang._marketingShare (#413) is not in mixedCase
Variable mofang._teamShare (#414) is not in mixedCase
Variable mofang._totalTaxIfBuying (#416) is not in mixedCase
Variable mofang._totalTaxIfSelling (#417) is not in mixedCase
Variable mofang._totalDistributionShares (#418) is not in mixedCase
Variable mofang._maxTxAmount (#421) is not in mixedCase
Variable mofang._walletMax (#422) is not in mixedCase
Follow the Solidity naming convention.
Additional information: link
Redundant expression "this (#19)" inContext (#12-22)
Remove redundant statements if they congest code but offer no value.
Additional information: link
Reentrancy in mofang._transfer(address,address,uint256) (#651-689):
External calls:
- swapAndLiquify(contractTokenBalance) (#673)
- recipient.transfer(amount) (#615)
External calls sending eth:
- swapAndLiquify(contractTokenBalance) (#673)
- recipient.transfer(amount) (#615)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
State variables written after the call(s):
- _balances[sender] = _balances[sender].sub(amount,Insufficient Balance) (#676)
- _balances[recipient] = _balances[recipient].add(finalAmount) (#684)
- finalAmount = takeFee(sender,recipient,amount) (#678-679)
- _balances[address(this)] = _balances[address(this)].add(feeAmount) (#769)
Event emitted after the call(s):
- Transfer(sender,address(this),feeAmount) (#770)
- finalAmount = takeFee(sender,recipient,amount) (#678-679)
- Transfer(sender,recipient,finalAmount) (#686)
Reentrancy in mofang.swapAndLiquify(uint256) (#698-720):
External calls:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#713)
- recipient.transfer(amount) (#615)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#716)
- recipient.transfer(amount) (#615)
External calls sending eth:
- transferToAddressETH(marketingWalletAddress,amountBNBMarketing) (#713)
- recipient.transfer(amount) (#615)
- transferToAddressETH(teamWalletAddress,amountBNBTeam) (#716)
- recipient.transfer(amount) (#615)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
State variables written after the call(s):
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
- _allowances[owner][spender] = amount (#533)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#534)
- addLiquidity(tokensForLP,amountBNBLiquidity) (#719)
Reentrancy in mofang.transferFrom(address,address,uint256) (#645-649):
External calls:
- _transfer(sender,recipient,amount) (#646)
- recipient.transfer(amount) (#615)
External calls sending eth:
- _transfer(sender,recipient,amount) (#646)
- recipient.transfer(amount) (#615)
- uniswapV2Router.addLiquidityETH{value: ethAmount}(address(this),tokenAmount,0,0,owner(),block.timestamp) (#747-754)
State variables written after the call(s):
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#647)
- _allowances[owner][spender] = amount (#533)
Event emitted after the call(s):
- Approval(owner,spender,amount) (#534)
- _approve(sender,_msgSender(),_allowances[sender][_msgSender()].sub(amount,ERC20: transfer amount exceeds allowance)) (#647)
Apply the check-effects-interactions pattern.
Additional information: link
Variable IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountADesired (#256) is too similar to IUniswapV2Router01.addLiquidity(address,address,uint256,uint256,uint256,uint256,address,uint256).amountBDesired (#257)
Prevent variables from having similar names.
Additional information: link
Ownable.waiveOwnership() (#167-170) uses literals with too many digits:
- OwnershipTransferred(_owner,address(0x000000000000000000000000000000000000dEaD)) (#168)
Ownable.waiveOwnership() (#167-170) uses literals with too many digits:
- _owner = address(0x000000000000000000000000000000000000dEaD) (#169)
mofang.slitherConstructorVariables() (#384-777) uses literals with too many digits:
- deadAddress = 0x000000000000000000000000000000000000dEaD (#394)
mofang.slitherConstructorVariables() (#384-777) uses literals with too many digits:
- _totalSupply = 100000000 * 10 ** _decimals (#420)
mofang.slitherConstructorVariables() (#384-777) uses literals with too many digits:
- _maxTxAmount = 100000000 * 10 ** _decimals (#421)
mofang.slitherConstructorVariables() (#384-777) uses literals with too many digits:
- _walletMax = 100000000 * 10 ** _decimals (#422)
Use: Ether suffix, Time suffix, or The scientific notation
Additional information: link
Ownable.asdasd (#147) is never used in mofang (#384-777)
Ownable._lockTime (#148) is never used in mofang (#384-777)
Remove unused state variables.
Additional information: link
Ownable._lockTime (#148) should be constant
Ownable.asdasd (#147) should be constant
mofang._decimals (#391) should be constant
mofang._name (#389) should be constant
mofang._symbol (#390) should be constant
Add the constant attributes to state variables that never change.
Additional information: link
waiveOwnership() should be declared external:
- Ownable.waiveOwnership() (#167-170)
transferOwnership(address) should be declared external:
- Ownable.transferOwnership(address) (#172-176)
getTime() should be declared external:
- Ownable.getTime() (#178-180)
name() should be declared external:
- mofang.name() (#486-488)
symbol() should be declared external:
- mofang.symbol() (#490-492)
decimals() should be declared external:
- mofang.decimals() (#494-496)
totalSupply() should be declared external:
- mofang.totalSupply() (#498-500)
allowance(address,address) should be declared external:
- mofang.allowance(address,address) (#506-508)
increaseAllowance(address,uint256) should be declared external:
- mofang.increaseAllowance(address,uint256) (#510-513)
decreaseAllowance(address,uint256) should be declared external:
- mofang.decreaseAllowance(address,uint256) (#515-518)
minimumTokensBeforeSwapAmount() should be declared external:
- mofang.minimumTokensBeforeSwapAmount() (#520-522)
approve(address,uint256) should be declared external:
- mofang.approve(address,uint256) (#524-527)
setMarketPairStatus(address,bool) should be declared external:
- mofang.setMarketPairStatus(address,bool) (#537-539)
setIsExcludedFromFee(address,bool) should be declared external:
- mofang.setIsExcludedFromFee(address,bool) (#545-547)
setSwapAndLiquifyEnabled(bool) should be declared external:
- mofang.setSwapAndLiquifyEnabled(bool) (#601-604)
setSwapAndLiquifyByLimitOnly(bool) should be declared external:
- mofang.setSwapAndLiquifyByLimitOnly(bool) (#606-608)
getCirculatingSupply() should be declared external:
- mofang.getCirculatingSupply() (#610-612)
changeRouterVersion(address) should be declared external:
- mofang.changeRouterVersion(address) (#618-635)
transfer(address,uint256) should be declared external:
- mofang.transfer(address,uint256) (#640-643)
transferFrom(address,address,uint256) should be declared external:
- mofang.transferFrom(address,address,uint256) (#645-649)
Use the external attribute for functions never called from the contract.
Additional information: link
Unable to find website, listings and other project-related information
Young tokens have high risks of scam / price dump / death
Token has no active CoinGecko listing / rank
Token has no active CoinMarketCap listing / rank
Unable to find Twitter account
Telegram account has relatively few subscribers
Unable to find Blog account (Reddit or Medium)
Unable to find Youtube account
Unable to find Discord account